There are three ways to remove an iCloud account from an iPhone:Got a tip? You can contact Joseph Cox securely on Signal at +44 20 8133 5190, OTR chat at jfcox@jabber.ccc.de, or email joseph.cox@vice.com. You can contact Jason Koebler securely on Signal at 347-513-3688 or via email: jason.koebler@vice.com.
- The password to the original owner’s iCloud can be entered to remove it, which a hacker could obtain via phishing.
- An Apple Store manager can override iCloud. Scammers can trick Apple Store managers into unlocking a device they don’t own.
- The iPhone's CPU can be removed from the Logic Board and reprogrammed to create what is essentially a “new” device (this is very labor intensive and rare. It is generally done in Chinese refurbishing labs and involves stealing a “clean” phone identification number called an IMEI.)
When the owner of a phone returns it to their cell phone provider as part of a phone upgrade or insurance claim, the employee who collects it is trained to ask that customer to remove iCloud from the device, according to spokespeople from AT&T and T-Mobile. But this doesn’t always happen, meaning that carriers and insurance companies get stuck with iCloud-locked phones. Motherboard could not determine whether any carriers currently have the ability to independently remove iCloud lock from iPhones, or whether Apple ever helps carriers remove iCloud at scale. AT&T and T-Mobile ignored specific questions about whether it has the ability to unlock phones, and Sprint and Verizon did not respond to a request for comment. According to two sources in the iPhone refurbishing community who have bought iCloud-locked phones from telecom auctions, mobile carriers want the ability to unlock phones, but Apple likely has little incentive to encourage the secondary market for iPhones.“Every method for removing iCloud involves illegal activity.”
Once the hackers obtain the iCloud login credentials, they simply enter them into the iPhone, which makes it a fully-functioning device that can be resold and have a new account added to it.BlackViirus, the developer behind ProKit, told Motherboard in an online chat that his product costs $75, and he uses a network of resellers to distribute the phishing kit further. BlackViirus claims to have over 1,500 customers. Phishing is a scale operation, with some iCloud unlockers claiming to process bulk orders. They often accept payment using PayPal or Skrill, another money transfer service."You formulate a fake receipt, take it to the Apple Store, and say ‘Hey, I forgot my Apple ID information, but here’s a receipt.'"
“I admit that I tried the receipt template method and offered it at times. I learned this method has a high success rate, but if you ever get a Apple tech that wants to be a super fucking tech and put on a badge and goes in the back of an Apple store, you are guaranteed 100% fcked,” the owner of an iPhone unlocking company posted in a private Facebook group for repair experts last year. “The phone will be flagged in Apple’s system as a fraud device and all these Apple employees talk to each other … [alternatively you can] find a very thirsty manager in an Apple store who will accept a bribe to conduct this service for you. Keep in mind depending on the store each manager is only allowed maximum 5/10 iCloud unlocks a day. Then their system is locked for the day.”Apple acknowledged a request for comment several days before publication, but did not provide a statement.“If you want both T-Mobile and Verizon will be 125$ each.”
“I can buy an iCloud-locked iPhone X for $220, part it out and make $550 over the course of a few months,” Ventocilla said. “But there’s a lot of people who pay that $220 and then think, well, if I can remove iCloud I instantly have a $700 device in my hand. And I’m making that money a lot faster.”Ventocilla says that he has bought more than 500 iCloud-locked devices but has not tried to unlock any of them. He also doesn’t buy iCloud-locked devices from his customers, preferring to get them from companies that he trusts.“The way I justify it in my head is, someone is going to use this phone either way and it’s better for the environment if I use it for parts than just letting it go to waste,” he said. “I don’t sit there and unlock iClouds because I don’t want to make individual moral calls on whether each phone is legitimate. But there’s a huge demand for it.”Apple’s implementation of the iCloud lock is a constant frustration for those in the repair industry, who understand that it’s an important security feature but believe that Apple could have found a way to prevent legitimately resold devices from being locked. “I wish that they would just use iCloud lock for devices that are reported lost or stolen,” Justin Carroll, owner of FruitFixed, an independent smartphone repair shop in Virginia, told Motherboard. “We’ve seen it hundreds of times—people bring in perfectly working and capable phones that have nothing wrong with them and we can’t do anything for them. We’ve even had it happen to us, where we give a loaner phone to a customer, they don’t remove iCloud, they leave the store, and we have an expensive paperweight. That’s incredibly frustrating.”Whether there’s a reliable way to do iCloud unlocking is a constant topic of conversation in repair industry forums and Facebook groups. It’s become so common that, last month, an admin of one of the largest repair-focused Facebook groups asked “should we ban iCloud unlock from this group?” The overwhelming majority of voters suggested that the topic should be banned altogether. Most independent repair shop owners Motherboard spoke to said that iCloud unlocking is a dark side of the repair world that they worry will prevent them from being taken seriously as a legitimate industry, especially as the industry lobbies for right to repair legislation that would make it easier for them to buy repair parts and diagnostic tools.“When I’m trying to sit in the room with an enterprise client, an insurance carrier, an OEM, how am I supposed to logically explain to these guys that we deserve the right to be able to work with them?” Michael Oberdick, owner of the Ohio-based iOutlet chain of repair shops and a prominent right to repair advocate said in a public YouTube video posted last month.“How am I supposed to sit in a room with a Senator of a state and fight for the right to repair and say ‘yes we deserve the right to the parts, the diagnostic tools, all the things we need from these manufacturers’ when we have people rewriting goddamn iCloud as a business model? I’m sorry, but you’re the reason we can’t get shit passed,” he added. “You are the reason the industry is looked at as an ugly stepchild.”Subscribe to our new cybersecurity podcast, CYBER.“You are the reason the industry is looked at as an ugly stepchild.”